[00:00.000 --> 00:05.200]  Another author of this presentation is Seungjoo Kim.
[00:05.260 --> 00:10.340]  In this presentation, we prepared together, but only I speak.
[00:10.340 --> 00:18.900]  The title is Blockchain for Cyber Defense and Will It Be Good As You Think? is our topic.
[00:19.080 --> 00:27.440]  It's 5 a.m. in Korea, so I think the condition is not normal, but I hope you understand.
[00:36.920 --> 00:42.040]  Again, I'm Seungri Lee, and I'm a Ph.D. student at Korea University.
[00:42.260 --> 00:45.460]  I'm the captain of the Republic of Korean Army.
[00:45.520 --> 00:50.660]  I have three years' experience as a researcher in the Agency for Defense Development.
[00:50.660 --> 00:56.580]  It's about the development of the defense and armed system.
[00:56.940 --> 01:02.120]  As a security researcher, I'm interested in network security and cyber defense.
[01:03.340 --> 01:17.200]  About blockchain, I was a speaker of CryBlock 2019 at IEEE Infocom.
[01:17.520 --> 01:22.120]  The title was Countering Block Withholding Attack Efficiently.
[01:22.240 --> 01:28.540]  Also, I will speak at CryBlock 2020 at ACM Mobicom.
[01:28.540 --> 01:41.560]  It will be September, and the title will be No Prosperous Take Has Taken Predatory Destructive Attack on Prosperous Take Cryptocurrencies.
[01:41.560 --> 01:48.760]  It will be about a novel attack methodology about POS cryptocurrency.
[01:49.760 --> 01:56.360]  It's not about research. I like to get groundbreaking ideas from philosophy.
[01:56.360 --> 02:03.180]  My favorite philosophers are Derrida, Nietzsche, Foucault, and Wittgenstein.
[02:03.180 --> 02:07.980]  Another author of this presentation is Seungju Kim.
[02:07.980 --> 02:15.460]  He's my advisor, and he's a professor of cybersecurity at Korea University.
[02:15.460 --> 02:27.680]  He's a reviewer in several international hacking conferences like Black Hat Asia and Secure Insight.
[02:27.680 --> 02:31.900]  He's also an advisor of an undergraduate hacking club, Cyker.
[02:32.780 --> 02:38.440]  The hacking group Cyker is now competing in DEF CON online.
[02:38.440 --> 02:56.640]  His main research areas are focused on trustworthy systems, development methodology, secure SDLC, RMAF, common criteria, CMVP, blockchain, etc.
[02:58.060 --> 03:02.940]  So our topics are, what is blockchain for cyber defense?
[03:02.940 --> 03:13.200]  Maybe many of you are blockchain professionals but not familiar with cyber defense or blockchain for cyber defense.
[03:13.260 --> 03:29.400]  Our main discussions are challenges in cyber defense, and then we will talk about related military projection analysis.
[03:30.220 --> 03:33.600]  As a summary, we will talk about takeaway.
[03:40.490 --> 03:44.130]  Targets of this talk are four kinds of people.
[03:44.650 --> 04:02.530]  Someone interested in blockchain, someone interested in cyber defense, and someone interested in how blockchain can be hacked, and someone who needs fresh ideas.
[04:04.150 --> 04:07.890]  Who doesn't know blockchain or what is cyber defense?
[04:07.890 --> 04:15.950]  I hope this talk will give you fresh ideas about this topic or any ideas.
[04:19.270 --> 04:22.250]  So blockchain for cyber defense, what is it?
[04:22.250 --> 04:27.170]  Maybe you know what is blockchain.
[04:27.170 --> 04:33.110]  Actually, blockchain is not clearly defined.
[04:33.110 --> 04:38.510]  Blockchain is started from Bitcoin founded by Satoshi Nakamoto.
[04:38.510 --> 04:53.210]  In his white paper, he didn't write clear definition of blockchain, but his main topic was Bitcoin.
[04:54.450 --> 05:01.310]  In my thought, I think blockchain is constructed by three concepts.
[05:01.310 --> 05:07.570]  Maybe some can think differently because the start of blockchain was not clearly defined.
[05:07.570 --> 05:23.910]  One is, as a data structure, hash chain blocks, as a network structure, distributed network, and as a consensus structure, decentralized consensus.
[05:24.650 --> 05:35.810]  And it has some fundamental problems.
[05:35.810 --> 05:37.750]  It's called trilemma.
[05:37.750 --> 05:41.310]  Scalability, security, and decentralization.
[05:41.310 --> 05:49.410]  Three kinds of characteristics can be satisfied at the same time.
[05:51.230 --> 05:53.310]  Then what is cyber defense?
[05:53.310 --> 05:58.930]  Maybe some of you know, but maybe majority of you don't know.
[05:58.930 --> 06:00.710]  This picture is just for fun.
[06:00.710 --> 06:02.510]  It's not like cyber defense.
[06:03.150 --> 06:05.190]  It's just funny.
[06:07.310 --> 06:09.370]  So what is cyber defense?
[06:09.370 --> 06:17.330]  Before I talk about this, I should define what is cyber security.
[06:17.330 --> 06:28.570]  Classically, many people talk about information security, but also many people just talk about cyber security like information security.
[06:28.570 --> 06:42.510]  If cyber security is the same as information security, then it's not worth to talk about cyber security or name cyber security.
[06:42.510 --> 06:52.670]  So I bring a clear and distinguishable definition from the reference at the bottom you can see.
[06:53.130 --> 07:02.230]  In their research, they define cyber security as treating stress using ICT.
[07:02.230 --> 07:04.550]  Then what is classical information security?
[07:04.550 --> 07:09.870]  Information security is treating stress to information-based assets.
[07:09.870 --> 07:15.110]  But cyber security is treating any stress using ICT.
[07:15.610 --> 07:18.990]  ICT is information and communication technology.
[07:18.990 --> 07:26.550]  For example, car accident is not included in information security.
[07:26.550 --> 07:37.690]  But if car accident is by a car remotely controlled by a hacker, then it is included in cyber security domain.
[07:37.690 --> 07:41.930]  Now we can define what is cyber defense.
[07:42.830 --> 07:49.410]  Cyber defense is intersection of cyber security and national security or national defense.
[07:49.410 --> 07:57.830]  National security and national defense are used in the same way many times.
[07:59.650 --> 08:08.990]  Not only cyber defense is about military defense, but widely it's all about national security.
[08:09.570 --> 08:11.850]  So why is it like that?
[08:11.850 --> 08:14.950]  You can see in the picture.
[08:15.670 --> 08:24.670]  At the past, the stress to countries was through only military domain.
[08:24.670 --> 08:31.310]  They should overcome armed forces, army, air force, and navy.
[08:32.610 --> 08:40.270]  So general physical stress on defense is through military area.
[08:40.270 --> 08:50.930]  But non-military domain, including severe assets and critical infrastructures, are covered by military domain.
[08:50.930 --> 08:59.030]  But these days, they can be attacked directly by ICT, information and communication technologies.
[08:59.030 --> 09:14.310]  For example, they can hack the plant and hack the financial systems and hack governmental information systems.
[09:14.350 --> 09:18.230]  It's already happened.
[09:18.230 --> 09:23.810]  In 2007, cyber attack to Estonia was really severe.
[09:23.810 --> 09:28.670]  That's the beginning of the CCTCOE in NATO.
[09:28.730 --> 09:33.770]  In 2010, Stuxnet to Iranian nuclear facilities.
[09:33.770 --> 09:45.070]  It was shocking accident that computer virus can stop the nuclear targets and stop nuclear plant.
[09:45.070 --> 09:53.230]  In 2015, Black Energy temporarily stopped the Ukrainian power grid.
[09:53.570 --> 10:01.530]  Now, cyber attacks can directly attack national security and national assets.
[10:01.530 --> 10:06.890]  Therefore, national countries need powerful cybersecurity technologies.
[10:07.070 --> 10:11.390]  That's how cyber defense meets blockchain.
[10:12.390 --> 10:16.700]  Blockchain looks secure and reliable.
[10:17.270 --> 10:27.560]  Many articles and news always talk about it's really nice secure world with blockchain.
[10:28.010 --> 10:34.210]  Secure, reliable, survival, and so on.
[10:34.210 --> 10:35.600]  It's true.
[10:35.600 --> 10:47.980]  Blockchain technology is not about single point of failure and it's immune to any minority attacks.
[10:47.980 --> 10:53.800]  Even DDoS attacks are really difficult to blockchain.
[10:53.800 --> 10:57.060]  It should overcome majority resources.
[10:59.820 --> 11:07.240]  So, policy makers of countries easily think like that.
[11:07.240 --> 11:15.880]  Defense systems require high security and high reliability.
[11:15.880 --> 11:19.420]  Blockchain looks unhackable.
[11:19.420 --> 11:22.980]  Okay, then defense needs this technology.
[11:22.980 --> 11:26.680]  It's really simple logic and expectable.
[11:27.840 --> 11:33.800]  In reality, many projects are already in progress.
[11:34.600 --> 11:42.120]  We will discuss about related projects in the next section.
[11:42.120 --> 11:47.500]  But in preview, military-included messaging app built on blockchain.
[11:47.500 --> 11:55.060]  Blockchain supply chain enhancement for trusted and assured FPGA and ASICs.
[11:55.060 --> 11:58.480]  Decentralized key management using blockchain.
[11:58.480 --> 12:04.260]  Army innovation network provenance using blockchain and disconnected networks.
[12:04.260 --> 12:07.140]  Navy multi-factor authentication.
[12:07.760 --> 12:10.820]  Coups through resilient blockchain framework.
[12:10.820 --> 12:14.140]  Chinese soldiers reward system using cryptocurrency.
[12:14.760 --> 12:18.340]  Blockchain-based record intelligence.
[12:18.540 --> 12:21.720]  French military police record on Tazos blockchain.
[12:21.720 --> 12:23.160]  South Korean military.
[12:23.160 --> 12:28.500]  Blockchain-based digital identification, DID.
[12:28.500 --> 12:31.520]  And also other projects.
[12:31.740 --> 12:36.480]  So, will it be as good as you think?
[12:36.480 --> 12:43.300]  Well, in this talk, I want to question and introduce some challenges.
[12:45.300 --> 12:50.400]  So, to meet the challenges, let's go to the battleground.
[12:51.660 --> 12:54.700]  Maybe some of you like this game.
[12:55.840 --> 12:59.660]  So, what is waiting for us in the battleground?
[13:00.880 --> 13:07.420]  There is a profession. I introduced a profession, Carl von Clausewitz.
[13:07.440 --> 13:12.300]  And he is a really professional in war and battleground.
[13:12.300 --> 13:16.800]  He said in Twitter, war is a volume of uncertainty.
[13:16.800 --> 13:27.180]  Three quarters of the factors on which action in war is based are wrapped in a fog of greater and lesser uncertainty.
[13:27.900 --> 13:32.460]  In summary, he says, it's full of uncertainty.
[13:32.460 --> 13:35.260]  So, what is big uncertainty?
[13:35.260 --> 13:43.980]  Blockchain technology already assumes many uncertain situations, right?
[13:43.980 --> 13:50.440]  But in battleground, uncertainty can be really extreme.
[13:50.440 --> 13:58.000]  For example, you got ordered to go to mountain and save the mountains.
[13:58.000 --> 14:01.220]  In Korea, mountains are like that.
[14:01.460 --> 14:10.820]  And our territory is covered by mountains like that.
[14:10.820 --> 14:20.200]  So, when you got ordered to go to mountain, then we expect mountains are covered by trees, usually, right?
[14:20.260 --> 14:25.040]  But in reality, mountains can be devastated.
[14:26.960 --> 14:33.200]  You can go to mountain and there can be even no single tree.
[14:33.260 --> 14:36.740]  Rare trees burned down a year ago.
[14:36.740 --> 14:43.620]  In Korean war in 1950, most of our trees burned down.
[14:44.340 --> 14:55.560]  So, what I want to say is situations in battleground can be extremely miserable.
[14:56.680 --> 15:04.800]  But you got ordered and you should say, I swear in army.
[15:06.580 --> 15:14.680]  So, let's assume policy makers said adopt the blockchain technology and secure our networks.
[15:16.100 --> 15:19.880]  Also, let's assume it's not questionable.
[15:19.880 --> 15:24.340]  You are not allowed to question about this decision.
[15:25.340 --> 15:37.640]  Actually, many people don't agree with private blockchain networks.
[15:40.000 --> 15:43.420]  So, we will encounter three challenges.
[15:43.420 --> 15:45.800]  Challenge one, air gap networks.
[15:45.800 --> 15:49.720]  And challenge two, first dynamic environment.
[15:50.240 --> 15:54.240]  And challenge three, the resource shortage.
[15:55.220 --> 15:58.480]  So, challenge one, air gap networks.
[15:58.480 --> 16:00.100]  So, what is air gap networks?
[16:00.400 --> 16:04.400]  This is maybe familiar for most of you.
[16:04.900 --> 16:18.940]  In military networks and critical infrastructures in most countries, many networks have air gap environments.
[16:20.200 --> 16:26.880]  Air gap is something technology to make networks isolated.
[16:26.880 --> 16:35.620]  So, you can see internet, mainly stressors come from outer internet.
[16:35.620 --> 16:41.160]  So, to protect internet, you can make air gaps.
[16:41.160 --> 16:47.540]  Air gaps can be software-based air gap and hardware-based air gap.
[16:47.540 --> 16:50.080]  And there is true air gap.
[16:50.080 --> 16:54.520]  True air gap means there is no communication between air gap.
[16:54.520 --> 16:58.380]  But, well, it's not always magical.
[16:58.380 --> 17:03.220]  Because Stuxnet exploded air gap networks.
[17:03.220 --> 17:14.120]  Anyway, if there is an air gap, then it is hard to construct blockchain.
[17:14.120 --> 17:23.740]  Because communication is not possible and many networks are partitioned and isolated.
[17:23.740 --> 17:28.880]  So, anyway, let's make blockchain here.
[17:29.260 --> 17:44.760]  So, for example, you can construct servers of each isolated network and communicate messages by those servers.
[17:44.760 --> 17:50.040]  Then, it will be a single point of failure and it's just centralized.
[17:51.040 --> 18:02.940]  Another way, you can make isolated networks and each isolated network has isolated blockchain.
[18:02.940 --> 18:15.440]  But isolated networks have not enough nodes or servers to make enough decentralized networks.
[18:15.440 --> 18:20.940]  So, it will make decentralization not effective.
[18:21.860 --> 18:30.420]  So, in summary, because of the air gap structure of defense network, it may be hard to adopt blockchain.
[18:31.700 --> 18:36.560]  And second challenge, first dynamic environment.
[18:38.400 --> 18:44.580]  Wherever the military goes, communication must always exist.
[18:46.260 --> 19:05.300]  Actually, it was same as the past warfare, but in modern warfare, getting information and process the information and make decisions are really important and should be fast.
[19:05.300 --> 19:13.080]  Because we should make decisions faster than enemy and move faster than enemy.
[19:14.580 --> 19:20.480]  So that we can make the superior position.
[19:20.480 --> 19:33.080]  So, anyway, for this process, communication must be followed.
[19:33.080 --> 19:44.560]  So, in this picture, in modern warfare, all of these things require communication.
[19:44.560 --> 19:50.640]  So, it means, let's see the example.
[19:53.300 --> 20:10.980]  It's map of World War II and second map is how Nazi extended their occupied territory really fast and broadly.
[20:10.980 --> 20:17.340]  And right map is how their occupied territory shrinked really fast.
[20:18.080 --> 20:22.380]  Let's see the left map.
[20:22.820 --> 20:37.240]  When Nazi extended their occupied territory, then communication system must follow all of occupied territory and cover their communication really fast.
[20:41.160 --> 20:50.720]  Even if their advance is really fast, communication and their system must follow. There's no exception.
[20:50.720 --> 21:08.240]  At the right map, even if their occupied territory shrinks really fast, communication system will shrink really fast.
[21:08.240 --> 21:12.240]  Anyway, just whatever is distributed throughout.
[21:13.120 --> 21:21.700]  Another example. It's our country case. It's map of Korean War in 1950.
[21:22.960 --> 21:33.480]  Before the Korean War, the territory was divided at this line, 38th parallel.
[21:33.480 --> 21:42.480]  In three months, South Korea's territory was shrinked to just two cities, Daegu and Busan.
[21:42.600 --> 21:45.640]  And we are really shrinking really fast.
[21:45.640 --> 21:57.880]  But you can see, just in two or three months, we expanded our territory till the nearly end of North Korea.
[21:57.880 --> 22:02.200]  But we retreated really fast again.
[22:02.200 --> 22:20.050]  So, what I want to say is, better ground environment is really dynamic and we can't choose and there's no exception.
[22:20.130 --> 22:27.250]  We are just first to meet situations.
[22:27.370 --> 22:34.110]  So, let's move on the blockchain.
[22:34.110 --> 22:39.530]  So, let's consider the case, sudden expansion.
[22:41.110 --> 22:47.030]  Our private blockchain network is just like PBFT.
[22:48.510 --> 22:57.970]  At the left situation, we have 8 total nodes and acceptable 30 nodes are like 2.
[22:57.970 --> 23:15.370]  But we expanded our territory really fast and we just added a lot of nodes because we should cover the occupied territory.
[23:15.370 --> 23:19.530]  Then, acceptable 30 nodes should be 12.
[23:19.530 --> 23:28.650]  But in PBFT, this kind of consensus mechanism, we need settings.
[23:29.030 --> 23:42.590]  But if this expansion is really fast and if this setting is not adapted, then it will be really easy to make consensus.
[23:42.590 --> 23:52.850]  So, past majority becomes minority. 8 is minority of 36, so that is now your minority can make consensus.
[23:53.590 --> 23:57.230]  Another case is kind of a reverse case.
[23:57.230 --> 23:59.790]  So, let's think about sudden sharing key.
[24:00.470 --> 24:02.890]  Sharing key is this typo.
[24:04.690 --> 24:18.950]  Your original set is total nodes 36 and in PBFT, the number of acceptable 30 nodes is 11.
[24:19.010 --> 24:23.710]  But most of nodes are just destroyed.
[24:23.710 --> 24:30.750]  And then you have total nodes 8 and the number of acceptable 30 nodes should be 3.
[24:30.750 --> 24:37.750]  But you are just destroyed, so you can't make setting in the time.
[24:37.750 --> 24:42.150]  So, it will be nearly impossible to make consensus.
[24:42.610 --> 24:50.730]  So, the past minority becomes the majority in this situation.
[24:50.730 --> 24:54.570]  That is, now your majority can't make the consensus.
[24:56.690 --> 25:00.750]  So, another situation, bombing and partitioning.
[25:00.750 --> 25:03.200]  It's the last situation.
[25:03.450 --> 25:07.890]  Your nodes just can't be partitioned.
[25:07.890 --> 25:19.650]  In public blockchain, it's nearly impossible because nodes are connected by a worldwide web.
[25:19.650 --> 25:24.220]  So, it's really hard to make clear partition.
[25:24.490 --> 25:27.250]  Just divide into two partitions.
[25:27.250 --> 25:33.690]  But it's possible in VR situations.
[25:33.690 --> 25:41.350]  So, for example, you have to turn 36 nodes and partition them.
[25:41.410 --> 25:44.210]  There's no majority anymore.
[25:44.970 --> 25:47.210]  Furthermore, there's another issue.
[25:47.210 --> 25:55.450]  If you connect the partitions but they have their own blocks,
[25:56.100 --> 26:07.290]  especially for PVF tier deterministic consensus mechanisms, consistency will be a really big problem.
[26:07.290 --> 26:10.550]  So, we'll meet our first problem.
[26:10.550 --> 26:17.810]  In military situation, we can't just throw another information.
[26:17.810 --> 26:21.450]  We can't choose just one information.
[26:21.450 --> 26:26.670]  We need to collect all information and process and decide.
[26:26.670 --> 26:28.790]  So, it'll be a problem.
[26:29.510 --> 26:31.750]  So, it was the second challenge.
[26:31.790 --> 26:39.270]  To summarize, in more extreme situations, assumptions can be easily broken.
[26:39.270 --> 26:43.370]  Weakness can be easily revealed.
[26:43.370 --> 26:56.530]  So, especially in my examples, deterministic consensus mechanisms that cannot guarantee aliveness are real problems in these situations.
[26:58.270 --> 27:00.410]  Challenge 3, research shortage.
[27:00.410 --> 27:04.730]  Actually, it's a classical problem of blockchain.
[27:05.730 --> 27:13.630]  But I can't mention this problem.
[27:13.630 --> 27:19.610]  Blockchain's other name is state replication system.
[27:19.610 --> 27:29.290]  So, it'll replicate computation resource, storage resource, latency resource, bandwidth resource.
[27:29.960 --> 27:40.790]  But existing military system were considered existing missions and existing systems.
[27:40.790 --> 27:49.920]  So, just replicating existing performances will be a problem.
[27:50.350 --> 27:58.750]  And we adopt blockchain for missions, not missions for blockchain.
[27:58.750 --> 28:03.330]  So, influence on mission-critical functions should be checked.
[28:03.330 --> 28:08.870]  Mission-critical functions should be guaranteed and then we can adopt blockchain.
[28:09.250 --> 28:13.030]  But, yeah, first problem is resource consumption.
[28:13.030 --> 28:14.490]  Then, what is second problem?
[28:14.490 --> 28:20.050]  Second problem is serving resource consumption is not easy.
[28:20.050 --> 28:34.870]  So, if we don't have enough resources, then we should get more resources and then we need to get more systems or more resources.
[28:34.870 --> 28:43.210]  Then, we need to use defense acquisition process.
[28:46.270 --> 29:05.670]  But maybe some of you already knew that military acquisition process is really conservative and it requires really rigorous tasks and evaluation process.
[29:05.670 --> 29:07.830]  It's really heavy.
[29:10.290 --> 29:17.610]  Defense acquisition process was having developed in this way.
[29:17.610 --> 29:31.950]  So, you can see in the left picture, it's the US military acquisition system and it's really bureaucratic and conservative and really heavy.
[29:31.950 --> 29:47.330]  So, there are many articles and interviews that DOD or many countries are suffering from full defense acquisition process.
[29:50.030 --> 30:00.930]  Well, rigorous tasks and evaluations and rigorous acquisition system process is essential.
[30:00.930 --> 30:14.710]  But, it is a really big problem in cybersecurity because, you know, system is developed and vulnerabilities are always hiding.
[30:16.990 --> 30:30.790]  Vulnerabilities are just found time by time, but military acquisition system is not that rapid to react from these updates or kind of that.
[30:30.790 --> 30:45.790]  So, anyway, military bureaucratic acquisition system process, because of that, it will be difficult to solve resource consumption problem.
[30:47.090 --> 30:50.450]  So, in this situation, what can you do?
[30:50.450 --> 31:04.550]  To adopt proof-of-work, we can't waste energy. Of course, proof-of-stake, we don't have coins in defense system.
[31:04.550 --> 31:16.510]  And when we go to private consensus mechanism like PVRT, then we will go back to the challenge 2 again.
[31:16.510 --> 31:22.490]  It can't guarantee liveness, so it will make such extreme problems.
[31:24.390 --> 31:35.910]  So, in summary, mission is always first, but due to the military environment, support is not so timely and sufficient to adopt blockchain.
[31:37.110 --> 31:41.840]  So, next is related military projects.
[31:42.050 --> 31:51.430]  So, we surveyed 42 defense projects about blockchain and categorized as below.
[31:51.430 --> 31:57.570]  And each project can be categorized into multiple categories.
[31:57.570 --> 32:09.090]  For example, there's a research about key management about military drone system.
[32:09.090 --> 32:16.330]  Then it's categorized into internet of things and communications and identification and authentication.
[32:16.990 --> 32:25.990]  And especially data integrity category is just for data integrity project.
[32:25.990 --> 32:34.710]  It's because adopting blockchain technology is basically about data integrity.
[32:34.970 --> 32:44.170]  So, we categorized a project only about data integrity into that category.
[32:44.170 --> 32:57.640]  So, main categories are like that. Data integrity, supply chain management, internet of things and communications, and identification and authentication.
[32:57.640 --> 33:18.440]  So, we are somewhat careful about mentioning a project because about related project, detailed information about many real military projects are classified.
[33:18.440 --> 33:28.740]  We got information from project notification, interviews, and news articles.
[33:28.740 --> 33:40.000]  So, the information we got can be not clear or can be somewhat misunderstood.
[33:40.200 --> 33:48.380]  So, we want to notice that our comments are based on limited information.
[33:50.040 --> 33:58.680]  So, data integrity. For example, there are three projects.
[33:58.860 --> 34:04.000]  French military police records on Taz's blockchain.
[34:04.000 --> 34:08.280]  It's interesting that they put records on public blockchain.
[34:08.680 --> 34:18.020]  So, maybe they can avoid problems that I mentioned like the problems happening in private blockchain.
[34:18.020 --> 34:28.360]  And another example is U.S. DoD project sharing of defense research development testing evaluation on blockchain.
[34:29.540 --> 34:38.000]  And another project is also U.S. DoD provenance using blockchain on disconnected networks.
[34:38.000 --> 34:48.400]  This project is also interesting that they already considered some disconnected network situation in tactical networks.
[34:51.770 --> 34:57.530]  So, another related category is supply chain management.
[34:57.790 --> 35:06.880]  In cyber defense, supply chain management is really a big issue.
[35:06.880 --> 35:18.140]  Maybe you read Bloomberg article about microchip hacking.
[35:18.320 --> 35:27.440]  I don't know if it's true or not, but what I know is it was truly a big issue.
[35:28.020 --> 35:34.760]  And there are other articles about supply chain attacks are suspicious.
[35:34.760 --> 35:41.220]  Yeah, it's truly a really big, really important attack factor.
[35:41.220 --> 35:51.600]  And so, there's a U.S. DoD project about it, blockchain supply chain enhancements for trusted and assured LPGA and ASICs.
[35:51.600 --> 36:02.580]  But blockchain on supply management is actively researched for efficiency about supply chain, not only for security.
[36:03.580 --> 36:07.640]  Another category is Internet of Things.
[36:08.960 --> 36:21.560]  There's a U.S. Department of Homeland Security project combining blockchain technology with critical infrastructure.
[36:21.560 --> 36:34.950]  This project is about sensors and cameras that protect integrity and authenticity of critical infrastructure.
[36:34.950 --> 36:46.530]  This project is about IoT, so we can just relate it to Challenge 3 research series.
[36:46.530 --> 36:57.450]  But I think the infrastructure is not dynamic, so it can be adaptable, I think.
[36:58.450 --> 37:10.630]  So, in communication category, there's a DARPA project building an encrypted message system based on blockchain technology.
[37:13.110 --> 37:25.370]  I think it's about tactical networks, so I don't know the detailed information, but if it is related to messages in tactical networks.
[37:25.370 --> 37:33.310]  Challenge 2, first dynamic environments, and Challenge 3 research series should be considered. Maybe they will be considered.
[37:34.570 --> 37:42.430]  For identification and authentication, there are two projects.
[37:42.430 --> 37:48.870]  For example, a U.S. DHS project decentralizes KME management using blockchain.
[37:48.870 --> 38:01.030]  There's a South Korea project blockchain-based DID.
[38:01.030 --> 38:11.930]  But maybe some of you noticed, some of these projects are not domain-specific.
[38:11.930 --> 38:20.570]  I mean, it's not just only for cyber defense. Many projects are just general.
[38:20.570 --> 38:34.190]  But for this project, especially identification and authentication, the decentralized key management and DID is not only military issue, not only cyber defense.
[38:34.190 --> 38:37.610]  So maybe they are not interesting.
[38:38.170 --> 38:45.070]  So, related projects in my examples are like that.
[38:45.070 --> 38:52.530]  Lines mean that projects are not domain-specific.
[38:54.210 --> 39:04.470]  I'm interested in blockchain specifically for cyber defense.
[39:04.470 --> 39:10.530]  So I'm still surveying about this topic and I'm preparing a paper.
[39:13.140 --> 39:21.580]  Actually, I think I criticized a lot with just question this topic and introduced challenges.
[39:21.580 --> 39:25.580]  But then some can ask, then what are alternatives?
[39:26.280 --> 39:32.280]  What I want to say is we don't need to choose a perfect blockchain structure.
[39:32.280 --> 39:45.720]  As I mentioned at the first part of this talk, blockchain is constructed by three concepts.
[39:45.760 --> 39:48.580]  As a data structure, hash chain blocks.
[39:48.580 --> 39:52.040]  And as a network structure, distributed network.
[39:52.040 --> 39:56.020]  And as a consensus structure, decentralized consensus.
[39:56.020 --> 40:01.140]  But you can just give up one concept or two concepts.
[40:01.140 --> 40:07.940]  Maybe you only need distributed network and penalized networks.
[40:07.940 --> 40:18.220]  So what I need to do is figure out problems and figure out right solutions.
[40:18.220 --> 40:27.300]  Not just decide to use blockchain and figure out which blockchain is adaptable.
[40:28.800 --> 40:35.520]  So to summarize, takeaway are three.
[40:35.520 --> 40:41.700]  Cyber defense makes more challenges and requirements for blockchain.
[40:41.820 --> 40:45.820]  Error gaps, sudden expansion, shrinkage, partitioning.
[40:46.680 --> 40:49.860]  Extreme situation can exist.
[40:51.700 --> 40:57.460]  Second, blockchain's resource consumption can be a problem.
[40:57.460 --> 41:04.020]  But defense environments are not that flexible to assign more resources.
[41:05.980 --> 41:11.880]  Third, we don't need to cling to blockchain if it's not adaptable.
[41:11.880 --> 41:15.320]  Otherwise, it will bring more issues.
[41:15.320 --> 41:19.220]  So it's all of my talk.
[41:19.360 --> 41:22.920]  And get in touch to these emails.
[41:22.920 --> 41:26.780]  We welcome any questions and discussions.
[41:27.000 --> 41:37.650]  And I think this presentation will be uploaded somewhere so you can see our emails.
[41:38.650 --> 41:46.250]  So thank you for your attention and thank you again.
[41:46.250 --> 41:47.650]  Any questions?
[42:27.170 --> 42:29.370]  Is there a question?
[42:41.810 --> 42:48.210]  If you can't ask now, then you can just send email or send message to Discord.
[42:48.840 --> 42:53.340]  Any questions and discussions are welcome.
[43:04.070 --> 43:06.910]  Okay, then. Thank you.
[43:06.910 --> 43:12.430]  Then I can just quit the live streaming, right?
